<?php 	
	header('Access-Control-Allow-Origin: *');
	header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept");
	header('Access-Control-Allow-Methods: GET, POST, PUT,DELETE');
	include('connect.php');

	$productsHeaders=['collectionname','sku','eancode','desiginid',
		'supplierdesignid','qualityid','picture','weight','grossweight','width','height','length','dimensions',
		'colormap','size','fobpricesqm','fobpricepcs','warehousecostsqm','warehousecostpcs','wholesalepricesqm',
		'wholesalepricepcs','commisionsqm','commisionpcs','barcodefiles','retailprice','saleprice','material',
		'pileheight','origin','isburn','iscolor','iselectric','iswater','ismildew','resilience','nonshedding',
		'isslippery','soft','back','iswash','issmell'
	];

	$name = $_POST['name'];
	$loginkey = $_POST['loginkey'];
	
	$rows=[];

	$sql = 'select permission_products from admin where user="'.$name.'" and loginkey="'.$loginkey.'"';
	
	$result = $db->query($sql);

	if($result->num_rows > 0){
		while($row = $result->fetch_array(MYSQLI_ASSOC)){
			$rows[] = $row;
		}
		
		$permission = $rows[0]['permission_products'];

		unset($rows);

		$sql1 = ''; 
	
		for($x=0;$x<sizeof($productsHeaders);$x++){
			if($x == sizeof($productsHeaders)-1){
				$sql1 .= $productsHeaders[$x];
			}else{
				$sql1 .= $productsHeaders[$x].',';
			}
		}

		if($permission == ''){
			$sql = 'select '.$sql1.' from productslist';
		}else{
			$sql = 'select '.$permission.' from productslist';
		}
		
		$result = $db->query($sql);
	
		$rows = [];
		if($result->num_rows > 0){
			while($row = $result->fetch_array(MYSQLI_ASSOC)){
				$rows[] = $row;
			}
		}
	}else{
		$rows['code'] = '20001';
		$rows['msg'] = '请重新登录';
		exit;
	}
	echo json_encode($rows);
	
	



